cancel
Showing results for 
Search instead for 
Did you mean: 

While creating Tunnel getting invalid server certificate

ashutosh_shrivastava4
Participant
0 Kudos

Hi,

I want to create a tunnel between SAP HCP and SAP Design studio

While creating tunnel getting Error--- "Server certificate might be invalid or untrusted"

Any idea how to resolve this issue?

Regards,

Ashutosh

Accepted Solutions (0)

Answers (2)

Answers (2)

ashutosh_shrivastava4
Participant
0 Kudos

Hi Anton,

its not working..

If possible can you see the logs--

2016-07-20 14:54:00,584 INFO  [main] com.sap.jpaas.infrastructure.console.ConsoleLogger: Arguments:   -i shadev2hanaxs -a p957815trial -h hanatrial.ondemand.com -u p957815

2016-07-20 14:54:02,217 INFO  [main] com.sap.jpaas.infrastructure.console.ConsoleLogger: Starting execution of command [open-db-tunnel]

2016-07-20 14:54:02,274 INFO  [pool-2-thread-1] com.sap.jpaas.infrastructure.console.PropertyFileProvider: Loaded properties file [C:\Users\ASSHRI~1\AppData\Local\Temp\sdkcheck.hanatrial.ondemand.com.neo-java-web.1.107.14.1.tmp]

2016-07-20 14:54:02,275 ERROR [pool-2-thread-1] com.sap.jpaas.infrastructure.console.ConsoleLogger: An error occured while parsing date from file. A version vailidity check will still be performed

java.lang.NumberFormatException: null

  at java.lang.Long.parseLong(Unknown Source)

  at java.lang.Long.parseLong(Unknown Source)

  at com.sap.jpaas.infrastructure.console.SDKVersionPropertyFileProvider.getLastUpdateDate(SDKVersionPropertyFileProvider.java:68)

  at com.sap.jpaas.infrastructure.console.VersionValidityChecker.shouldCheckVersion(VersionValidityChecker.java:116)

  at com.sap.jpaas.infrastructure.console.VersionValidityChecker.call(VersionValidityChecker.java:73)

  at com.sap.jpaas.infrastructure.console.VersionValidityChecker.call(VersionValidityChecker.java:21)

  at java.util.concurrent.FutureTask.run(Unknown Source)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

  at java.lang.Thread.run(Unknown Source)

2016-07-20 14:54:02,277 INFO  [pool-2-thread-1] com.sap.jpaas.infrastructure.console.ConsoleLogger: Currently running SDK version validity check for user SDK version: 1.107.14.1, landscape: hanatrial.ondemand.com and runtime: neo-java-web

2016-07-20 14:54:03,781 ERROR [main] com.sap.jpaas.infrastructure.console.ConsoleLogger: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

com.sap.jpaas.infrastructure.console.exception.CommandException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at com.sap.jpaas.infrastructure.console.VersionValidityCheckProvider.getVersionValidityCheckResult(VersionValidityCheckProvider.java:77)

  at com.sap.jpaas.infrastructure.console.command.UnsecuredRemoteCommand.blockingOptimizedCheck(UnsecuredRemoteCommand.java:117)

  at com.sap.jpaas.infrastructure.console.command.UnsecuredRemoteCommand.performVersionValidityCheck(UnsecuredRemoteCommand.java:70)

  at com.sap.jpaas.infrastructure.console.command.UnsecuredRemoteCommand.initWithHostOnlyCheck(UnsecuredRemoteCommand.java:63)

  at com.sap.jpaas.infrastructure.console.command.RemoteCommand.initWithNoPasswordCheck(RemoteCommand.java:46)

  at com.sap.jpaas.infrastructure.console.command.RemoteCommand.init(RemoteCommand.java:41)

  at com.sap.core.persistence.commands.AbstractAccountCommand.init(AbstractAccountCommand.java:36)

  at com.sap.core.persistence.commands.tunnel.OpenDbTunnelCommand.init(OpenDbTunnelCommand.java:61)

  at com.sap.jpaas.infrastructure.console.CommandManager.run(CommandManager.java:171)

  at com.sap.jpaas.infrastructure.console.CommandManager.run(CommandManager.java:144)

  at com.sap.jpaas.infrastructure.console.ConsoleClient.executeCommand(ConsoleClient.java:239)

  at com.sap.jpaas.infrastructure.console.ConsoleClient.run(ConsoleClient.java:185)

  at com.sap.jpaas.infrastructure.console.ConsoleClient.main(ConsoleClient.java:82)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at sun.security.ssl.Alerts.getSSLException(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

  at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

  at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

  at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

  at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

  at sun.security.ssl.Handshaker.processLoop(Unknown Source)

  at sun.security.ssl.Handshaker.process_record(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

  at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:554)

  at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:435)

  at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:216)

  at org.apache.http.impl.conn.AbstractPoolEntry.layerProtocol(AbstractPoolEntry.java:243)

  at org.apache.http.impl.conn.AbstractPooledConnAdapter.layerProtocol(AbstractPooledConnAdapter.java:152)

  at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:814)

  at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:615)

  at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)

  at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)

  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)

  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)

  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)

  at com.sap.core.utils.sdk.status.SDKVersionStatusUtils.performCall(SDKVersionStatusUtils.java:217)

  at com.sap.core.utils.sdk.status.SDKVersionStatusUtils.getSupportedSDKVersions(SDKVersionStatusUtils.java:98)

  at com.sap.core.utils.sdk.status.SDKVersionStatusUtils.determineStatus(SDKVersionStatusUtils.java:71)

  at com.sap.jpaas.infrastructure.console.VersionValidityChecker.createNonOptimizedVvcResponse(VersionValidityChecker.java:98)

  at com.sap.jpaas.infrastructure.console.VersionValidityChecker.call(VersionValidityChecker.java:87)

  at com.sap.jpaas.infrastructure.console.VersionValidityChecker.call(VersionValidityChecker.java:21)

  at java.util.concurrent.FutureTask.run(Unknown Source)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

  at java.lang.Thread.run(Unknown Source)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

  at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

  at sun.security.validator.Validator.validate(Unknown Source)

  at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)

  at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

  ... 30 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

  at java.security.cert.CertPathBuilder.build(Unknown Source)

  ... 36 more

2016-07-20 14:54:03,783 INFO  [main] com.sap.jpaas.infrastructure.console.ConsoleLogger: Command [open-db-tunnel] init() finished for [1566] ms

2016-07-20 14:54:15,900 INFO  [main] com.sap.core.tunnelcommands.framework.executor.CommandTunnelRequestExecutor: CommandTunnelRequestExecutor.executeRequest() called for command [open-db-tunnel] (version: 0.54.0)

2016-07-20 14:54:16,838 INFO  [main] com.sap.jpaas.infrastructure.console.ConsoleLogger: Command [open-db-tunnel] cleanup() finished for [0] ms

2016-07-20 14:54:16,846 FATAL [main] com.sap.jpaas.infrastructure.console.ConsoleLogger: ERROR; SSL error when connecting to https://services.hanatrial.ondemand.com/services/v1/instances/p957815trial/persistence/v3/dbtunnel/s... server certificate might be invalid or untrusted

com.sap.jpaas.infrastructure.console.exception.ValidationException

  at com.sap.core.tunnelcommands.framework.executor.HttpClientProvider.createClientWithBasicAuthentication(HttpClientProvider.java:43)

  at com.sap.core.tunnelcommands.framework.executor.HttpClientProvider.createClientWithBasicAuth(HttpClientProvider.java:33)

  at com.sap.core.tunnelcommands.framework.executor.CommandTunnelRequestExecutor.getClientWithBasicAuth(CommandTunnelRequestExecutor.java:154)

  at com.sap.core.tunnelcommands.framework.executor.CommandTunnelRequestExecutor.executeRequest(CommandTunnelRequestExecutor.java:51)

  at com.sap.core.tunnelcommands.framework.executor.CommandTunnelRequestExecutor.executeRequest(CommandTunnelRequestExecutor.java:39)

  at com.sap.core.persistence.commands.tunnel.api.CommandTunnelHandler.performOpenTunnelRequest(CommandTunnelHandler.java:263)

  at com.sap.core.persistence.commands.tunnel.api.CommandTunnelHandler.openTunnel(CommandTunnelHandler.java:133)

  at com.sap.core.persistence.commands.tunnel.OpenDbTunnelCommand.openTunnelInShellProcess(OpenDbTunnelCommand.java:191)

  at com.sap.core.persistence.commands.tunnel.OpenDbTunnelCommand.run(OpenDbTunnelCommand.java:130)

  at com.sap.jpaas.infrastructure.console.CommandManager.run(CommandManager.java:183)

  at com.sap.jpaas.infrastructure.console.CommandManager.run(CommandManager.java:144)

  at com.sap.jpaas.infrastructure.console.ConsoleClient.executeCommand(ConsoleClient.java:239)

  at com.sap.jpaas.infrastructure.console.ConsoleClient.run(ConsoleClient.java:185)

  at com.sap.jpaas.infrastructure.console.ConsoleClient.main(ConsoleClient.java:82)

Caused by: com.sap.core.utils.infrastructure.validation.HostValidationException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at com.sap.core.utils.infrastructure.validation.LandscapeHostValidator.getHttpClient(LandscapeHostValidator.java:355)

  at com.sap.core.tunnelcommands.framework.executor.HttpClientProvider.createClientWithBasicAuthentication(HttpClientProvider.java:40)

  ... 13 more

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at sun.security.ssl.Alerts.getSSLException(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

  at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

  at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

  at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

  at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

  at sun.security.ssl.Handshaker.processLoop(Unknown Source)

  at sun.security.ssl.Handshaker.process_record(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

  at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:554)

  at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:435)

  at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:216)

  at org.apache.http.impl.conn.AbstractPoolEntry.layerProtocol(AbstractPoolEntry.java:243)

  at org.apache.http.impl.conn.AbstractPooledConnAdapter.layerProtocol(AbstractPooledConnAdapter.java:152)

  at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:814)

  at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:615)

  at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)

  at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)

  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:115)

  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)

  at com.sap.core.utils.infrastructure.validation.LandscapeHostValidator.getHttpClient(LandscapeHostValidator.java:328)

  ... 14 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

  at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

  at sun.security.validator.Validator.validate(Unknown Source)

  at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)

  at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

  ... 34 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

  at java.security.cert.CertPathBuilder.build(Unknown Source)

  ... 40 more

Thanks,

Ashutosh

anton_levin
Active Contributor
0 Kudos

Out of ideas for now. Maybe other community members will help.

Ulrich_Schmidt
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi,

isn't that the error one gets when the Java VM is too old? If the JVM is older than July 2013, the new Cybertrust (Baltimore) root CA certificate is missing in the JVM, which could cause SSL handshake failures like the one we see here.

Can you type "java -version" in the window where you start the neo client (or check the neo start script which JVM installation it is using and then check the version of that)?

Regards, Ulrich

ashutosh_shrivastava4
Participant
0 Kudos

Hi Ulrich,

Thanks for information.

I have updated Java VM, but getting same certificate error .

Regards,

Ashutosh

ashutosh_shrivastava4
Participant
0 Kudos

Hi Guys,

Is there anyone who has gone through this issue or if anyone has successfully created tunnel between SAP HCP and SAP Design Studio local, please comment.

Regards,

Ashutosh

anton_levin
Active Contributor
0 Kudos

Hi Ashutosh,

you'd need to update your SDK to get the latest / valid certificates. Your Java Web SDK v is 1.104.x. Latest one is 1.107 SAP Development Tools

Regards,

Anton

ashutosh_shrivastava4
Participant
0 Kudos

Hi Anton,

Thanks for prompt reply,

I have installed SDK version 1.107 in different folder now but but still getting same error, old sdk is still installed.

Thanks,

Ashutosh

anton_levin
Active Contributor
0 Kudos

I also see a typo in your command line your account parameter -a pXXXtrail (should be trial)

ashutosh_shrivastava4
Participant
0 Kudos

Thanks for correction Anton, but same error is coming.

Thanks,

Ashutosh

anton_levin
Active Contributor
0 Kudos

*just to try. Can you terminate all existing console sessions and then try to run a console "as administrator"?